CVE-2020-10195
MEDIUMpopup-builder < 3.64.1 - Authenticated Information Disclosure and Privilege Escalation via admin-post Actions
Title source: llmDescription
The popup-builder plugin before 3.64.1 for WordPress allows information disclosure and settings modification, leading to in-scope privilege escalation via admin-post actions to com/classes/Actions.php. By sending a POST request to wp-admin/admin-post.php, an authenticated attacker with minimal (subscriber-level) permissions can modify the plugin's settings to allow arbitrary roles (including subscribers) access to plugin functionality by setting the action parameter to sgpbSaveSettings, export a list of current newsletter subscribers by setting the action parameter to csv_file, or obtain system configuration information including webserver configuration and a list of installed plugins by setting the action parameter to sgpb_system_info.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_misc
https://wpvulndb.com/vulnerabilities/10127
Exploit, Third Party Advisory x_refsource_misc
https://www.wordfence.com/blog/2020/03/vulnerabilities-patched-in-popup-builder-plugin-affecting-over-100000-sites/
Scores
CVSS v3
6.3
EPSS
0.0109
EPSS Percentile
61.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Details
CWE
CWE-200
Status
published
Products (1)
sygnoos/popup_builder
< 3.64.1
Published
Mar 13, 2020
Tracked Since
Feb 18, 2026